/xdm-1.1.11/greeter/greet.c

# · C · 832 lines · 641 code · 90 blank · 101 comment · 102 complexity · 83609a800d10a0596848e66585d87189 MD5 · raw file 

    

  1. /*
    2. 

    3. 

  3. Copyright 1988, 1998  The Open Group
    4. 

    5. 

  5. Permission to use, copy, modify, distribute, and sell this software and its
    6. 

  6. documentation for any purpose is hereby granted without fee, provided that
    7. 

  7. the above copyright notice appear in all copies and that both that
    8. 

  8. copyright notice and this permission notice appear in supporting
    9. 

  9. documentation.
    10. 

    11. 

  11. The above copyright notice and this permission notice shall be included
    12. 

  12. in all copies or substantial portions of the Software.
    13. 

    14. 

  14. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
    15. 

  15. OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
    16. 

  16. MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
    17. 

  17. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
    18. 

  18. OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
    19. 

  19. ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
    20. 

  20. OTHER DEALINGS IN THE SOFTWARE.
    21. 

    22. 

  22. Except as contained in this notice, the name of The Open Group shall
    23. 

  23. not be used in advertising or otherwise to promote the sale, use or
    24. 

  24. other dealings in this Software without prior written authorization
    25. 

  25. from The Open Group.
    26. 

    27. 

  27. */
    28. 

  28. /*
    29. 

  29.  * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
    30. 

  30.  *
    31. 

  31.  * Permission is hereby granted, free of charge, to any person obtaining a
    32. 

  32.  * copy of this software and associated documentation files (the "Software"),
    33. 

  33.  * to deal in the Software without restriction, including without limitation
    34. 

  34.  * the rights to use, copy, modify, merge, publish, distribute, sublicense,
    35. 

  35.  * and/or sell copies of the Software, and to permit persons to whom the
    36. 

  36.  * Software is furnished to do so, subject to the following conditions:
    37. 

  37.  *
    38. 

  38.  * The above copyright notice and this permission notice (including the next
    39. 

  39.  * paragraph) shall be included in all copies or substantial portions of the
    40. 

  40.  * Software.
    41. 

  41.  *
    42. 

  42.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    43. 

  43.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    44. 

  44.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
    45. 

  45.  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    46. 

  46.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
    47. 

  47.  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
    48. 

  48.  * DEALINGS IN THE SOFTWARE.
    49. 

  49.  */
    50. 

  50. 

  51. 

  52. /*
    53. 

  53.  * xdm - display manager daemon
    54. 

  54.  * Author:  Keith Packard, X Consortium
    55. 

  55.  *
    56. 

  56.  * widget to get username/password
    57. 

  57.  *
    58. 

  58.  */
    59. 

  59. 

  60. #ifdef HAVE_CONFIG_H
    61. 

  61. # include "config.h"
    62. 

  62. #endif
    63. 

  63. 

  64. #include <X11/Intrinsic.h>
    65. 

  65. #include <X11/StringDefs.h>
    66. 

  66. #include <X11/Shell.h>
    67. 

  67. #include <X11/XKBlib.h>
    68. 

  68. 

  69. #ifdef USE_XINERAMA
    70. 

  70. # include <X11/extensions/Xinerama.h>
    71. 

  71. #endif
    72. 

  72. 

  73. #include "dm.h"
    74. 

  74. #include "dm_error.h"
    75. 

  75. #include "greet.h"
    76. 

  76. #include "LoginP.h"
    77. 

  77. 

  78. #if defined(HAVE_OPENLOG) && defined(HAVE_SYSLOG_H)
    79. 

  79. # define USE_SYSLOG
    80. 

  80. # include <syslog.h>
    81. 

  81. # ifndef LOG_AUTHPRIV
    82. 

  82. #  define LOG_AUTHPRIV LOG_AUTH
    83. 

  83. # endif
    84. 

  84. # ifndef LOG_PID
    85. 

  85. #  define LOG_PID 0
    86. 

  86. # endif
    87. 

  87. #endif
    88. 

  88. 

  89. #ifdef HAVE_LIBAUDIT
    90. 

  90. #include <libaudit.h>
    91. 

  91. #include <pwd.h>
    92. 

  92. #else
    93. 

  93. #define log_to_audit_system(l,h,s)   do { ; } while (0)
    94. 

  94. #endif
    95. 

  95. 

  96. #include <string.h>
    97. 

  97. 

  98. #if defined(SECURE_RPC) && defined(sun)
    99. 

  99. /* Go figure, there's no getdomainname() prototype available */
    100. 

  100. extern int getdomainname(char *name, size_t len);
    101. 

  101. #endif
    102. 

  102. 

  103. /*
    104. 

  104.  * Function pointers filled in by the initial call ito the library
    105. 

  105.  */
    106. 

  106. 

  107. int     (*__xdm_PingServer)(struct display *d, Display *alternateDpy) = NULL;
    108. 

  108. void    (*__xdm_SessionPingFailed)(struct display *d) = NULL;
    109. 

  109. void    (*__xdm_Debug)(const char * fmt, ...) = NULL;
    110. 

  110. void    (*__xdm_RegisterCloseOnFork)(int fd) = NULL;
    111. 

  111. void    (*__xdm_SecureDisplay)(struct display *d, Display *dpy) = NULL;
    112. 

  112. void    (*__xdm_UnsecureDisplay)(struct display *d, Display *dpy) = NULL;
    113. 

  113. void    (*__xdm_ClearCloseOnFork)(int fd) = NULL;
    114. 

  114. void    (*__xdm_SetupDisplay)(struct display *d) = NULL;
    115. 

  115. void    (*__xdm_LogError)(const char * fmt, ...) = NULL;
    116. 

  116. void    (*__xdm_SessionExit)(struct display *d, int status, int removeAuth) = NULL;
    117. 

  117. void    (*__xdm_DeleteXloginResources)(struct display *d, Display *dpy) = NULL;
    118. 

  118. int     (*__xdm_source)(char **environ, char *file) = NULL;
    119. 

  119. char    **(*__xdm_defaultEnv)(void) = NULL;
    120. 

  120. char    **(*__xdm_setEnv)(char **e, char *name, char *value) = NULL;
    121. 

  121. char    **(*__xdm_putEnv)(const char *string, char **env) = NULL;
    122. 

  122. char    **(*__xdm_parseArgs)(char **argv, char *string) = NULL;
    123. 

  123. void    (*__xdm_printEnv)(char **e) = NULL;
    124. 

  124. char    **(*__xdm_systemEnv)(struct display *d, char *user, char *home) = NULL;
    125. 

  125. void    (*__xdm_LogOutOfMem)(const char * fmt, ...) = NULL;
    126. 

  126. void    (*__xdm_setgrent)(void) = NULL;
    127. 

  127. struct group    *(*__xdm_getgrent)(void) = NULL;
    128. 

  128. void    (*__xdm_endgrent)(void) = NULL;
    129. 

  129. # ifdef HAVE_GETSPNAM
    130. 

  130. struct spwd   *(*__xdm_getspnam)(GETSPNAM_ARGS) = NULL;
    131. 

  131. #  ifndef QNX4
    132. 

  132. void   (*__xdm_endspent)(void) = NULL;
    133. 

  133. #  endif /* QNX4 doesn't use endspent */
    134. 

  134. # endif
    135. 

  135. struct passwd   *(*__xdm_getpwnam)(GETPWNAM_ARGS) = NULL;
    136. 

  136. # if defined(linux) || defined(__GLIBC__)
    137. 

  137. void   (*__xdm_endpwent)(void) = NULL;
    138. 

  138. # endif
    139. 

  139. char     *(*__xdm_crypt)(CRYPT_ARGS) = NULL;
    140. 

  140. # ifdef USE_PAM
    141. 

  141. pam_handle_t **(*__xdm_thepamhp)(void) = NULL;
    142. 

  142. # endif
    143. 

  143. 

  144. #ifdef SECURE_RPC
    145. 

  145. # include <rpc/rpc.h>
    146. 

  146. # include <rpc/key_prot.h>
    147. 

  147. #endif
    148. 

  148. 

  149. #ifdef K5AUTH
    150. 

  150. # include <krb5/krb5.h>
    151. 

  151. #endif
    152. 

  152. 

  153. static int	done, code;
    154. 

  154. #ifndef USE_PAM
    155. 

  155. static char	name[NAME_LEN], password[PASSWORD_LEN];
    156. 

  156. #endif
    157. 

  157. static Widget		toplevel;
    158. 

  158. static Widget		login;
    159. 

  159. static XtAppContext	context;
    160. 

  160. static XtIntervalId	pingTimeout;
    161. 

  161. 

  162. #ifdef USE_PAM
    163. 

  163. static int pamconv(int num_msg,
    164. 

  164. # ifndef sun
    165. 

  165. 		   const
    166. 

  166. # endif
    167. 

  167. 		   struct pam_message **msg,
    168. 

  168. 		   struct pam_response **response, void *appdata_ptr);
    169. 

  169. 

  170. # define PAM_ERROR_PRINT(pamfunc, pamh)	\
    171. 

  171. 	LogError("%s failure: %s\n", pamfunc, pam_strerror(pamh, pam_error))
    172. 

  172. 

  173. 

  174. struct myconv_data {
    175. 

  175.     struct display *d;
    176. 

  176.     struct greet_info *greet;
    177. 

  177.     char *username_display;
    178. 

  178. };
    179. 

  179. #endif
    180. 

  180. 

  181. 

  182. /*ARGSUSED*/
    183. 

  183. static void
    184. 

  184. GreetPingServer (
    185. 

  185.     XtPointer	    closure,
    186. 

  186.     XtIntervalId    *intervalId)
    187. 

  187. {
    188. 

  188.     struct display *d;
    189. 

  189. 

  190.     d = (struct display *) closure;
    191. 

  191.     if (!PingServer (d, XtDisplay (toplevel)))
    192. 

  192. 	SessionPingFailed (d);
    193. 

  193.     pingTimeout = XtAppAddTimeOut (context, d->pingInterval * 60 * 1000,
    194. 

  194. 				   GreetPingServer, (closure));
    195. 

  195. }
    196. 

  196. 

  197. /*ARGSUSED*/
    198. 

  198. static void
    199. 

  199. GreetDone (
    200. 

  200.     Widget	w,
    201. 

  201.     LoginData	*data,
    202. 

  202.     int		status)
    203. 

  203. {
    204. 

  204.     Debug ("GreetDone: %s, (password is %d long)\n",
    205. 

  205. 	    data->name, strlen (data->passwd));
    206. 

  206.     switch (status) {
    207. 

  207.     case NOTIFY_OK:
    208. 

  208. #ifndef USE_PAM
    209. 

  209. 	strncpy (name, data->name, sizeof(name));
    210. 

  210. 	name[sizeof(name)-1] = '\0';
    211. 

  211. 	strncpy (password, data->passwd, sizeof(password));
    212. 

  212. 	password[sizeof(password)-1] = '\0';
    213. 

  213. #endif
    214. 

  214. 	code = 0;
    215. 

  215. 	done = 1;
    216. 

  216. 	break;
    217. 

  217.     case NOTIFY_ABORT:
    218. 

  218. 	Debug ("RESERVER_DISPLAY\n");
    219. 

  219. 	code = RESERVER_DISPLAY;
    220. 

  220. 	done = 1;
    221. 

  221. 	break;
    222. 

  222.     case NOTIFY_RESTART:
    223. 

  223. 	Debug ("REMANAGE_DISPLAY\n");
    224. 

  224. 	code = REMANAGE_DISPLAY;
    225. 

  225. 	done = 1;
    226. 

  226. 	break;
    227. 

  227.     case NOTIFY_ABORT_DISPLAY:
    228. 

  228. 	Debug ("UNMANAGE_DISPLAY\n");
    229. 

  229. 	code = UNMANAGE_DISPLAY;
    230. 

  230. 	done = 1;
    231. 

  231. 	break;
    232. 

  232.     }
    233. 

  233. #ifndef USE_PAM
    234. 

  234.     if (done) {
    235. 

  235. 	bzero (data->name, NAME_LEN);
    236. 

  236. 	bzero (data->passwd, PASSWORD_LEN);
    237. 

  237.     }
    238. 

  238. #endif
    239. 

  239. }
    240. 

  240. 

  241. static Display *
    242. 

  242. InitGreet (struct display *d)
    243. 

  243. {
    244. 

  244.     Arg		arglist[10];
    245. 

  245.     int		i;
    246. 

  246.     static int	argc;
    247. 

  247.     Screen		*scrn;
    248. 

  248.     static char	*argv[] = { "xlogin", NULL };
    249. 

  249.     Display		*dpy;
    250. 

  250. #ifdef USE_XINERAMA
    251. 

  251.     XineramaScreenInfo *screens;
    252. 

  252.     int                 s_num;
    253. 

  253. #endif
    254. 

  254. 

  255.     Debug ("greet %s\n", d->name);
    256. 

  256.     argc = 1;
    257. 

  257.     XtToolkitInitialize ();
    258. 

  258.     context = XtCreateApplicationContext();
    259. 

  259.     dpy = XtOpenDisplay (context, d->name, "xlogin", "Xlogin", NULL, 0,
    260. 

  260. 			 &argc, argv);
    261. 

  261. 

  262.     if (!dpy)
    263. 

  263. 	return NULL;
    264. 

  264. 

  265. #ifdef XKB
    266. 

  266.     {
    267. 

  267.     int opcode, evbase, errbase, majret, minret;
    268. 

  268.     unsigned int value = XkbPCF_GrabsUseXKBStateMask;
    269. 

  269.     if (XkbQueryExtension (dpy, &opcode, &evbase, &errbase, &majret, &minret)) {
    270. 

  270. 	if (!XkbSetPerClientControls (dpy, XkbPCF_GrabsUseXKBStateMask, &value))
    271. 

  271. 	    LogError ("%s\n", "SetPerClientControls failed");
    272. 

  272.     }
    273. 

  273.     }
    274. 

  274. #endif
    275. 

  275.     RegisterCloseOnFork (ConnectionNumber (dpy));
    276. 

  276. 

  277.     SecureDisplay (d, dpy);
    278. 

  278. 

  279.     i = 0;
    280. 

  280.     scrn = XDefaultScreenOfDisplay(dpy);
    281. 

  281.     XtSetArg(arglist[i], XtNscreen, scrn);	i++;
    282. 

  282.     XtSetArg(arglist[i], XtNargc, argc);	i++;
    283. 

  283.     XtSetArg(arglist[i], XtNargv, argv);	i++;
    284. 

  284. 

  285.     toplevel = XtAppCreateShell ((String) NULL, "Xlogin",
    286. 

  286. 		    applicationShellWidgetClass, dpy, arglist, i);
    287. 

  287. 

  288.     i = 0;
    289. 

  289.     XtSetArg (arglist[i], XtNnotifyDone, (XtPointer)GreetDone); i++;
    290. 

  290.     if (!d->authorize || d->authorizations || !d->authComplain)
    291. 

  291.     {
    292. 

  292. 	XtSetArg (arglist[i], XtNsecureSession, True); i++;
    293. 

  293.     }
    294. 

  294.     login = XtCreateManagedWidget ("login", loginWidgetClass, toplevel,
    295. 

  295. 				    arglist, i);
    296. 

  296.     XtRealizeWidget (toplevel);
    297. 

  297. 

  298. #ifdef USE_XINERAMA
    299. 

  299.     if (
    300. 

  300. 	XineramaIsActive(dpy) &&
    301. 

  301. 	(screens = XineramaQueryScreens(dpy, &s_num)) != NULL
    302. 

  302.        )
    303. 

  303.     {
    304. 

  304. 	XWarpPointer(dpy, None, XRootWindowOfScreen (scrn),
    305. 

  305. 			0, 0, 0, 0,
    306. 

  306. 			screens[0].x_org + screens[0].width / 2,
    307. 

  307. 			screens[0].y_org + screens[0].height / 2);
    308. 

  308. 

  309. 	XFree(screens);
    310. 

  310.     }
    311. 

  311.     else
    312. 

  312. #endif
    313. 

  313.     XWarpPointer(dpy, None, XRootWindowOfScreen (scrn),
    314. 

  314. 		    0, 0, 0, 0,
    315. 

  315. 		    XWidthOfScreen(scrn) / 2,
    316. 

  316. 		    XHeightOfScreen(scrn) / 2);
    317. 

  317. 

  318.     if (d->pingInterval)
    319. 

  319.     {
    320. 

  320. 	pingTimeout = XtAppAddTimeOut (context, d->pingInterval * 60 * 1000,
    321. 

  321. 				       GreetPingServer, (XtPointer) d);
    322. 

  322.     }
    323. 

  323.     return dpy;
    324. 

  324. }
    325. 

  325. 

  326. static void
    327. 

  327. CloseGreet (struct display *d)
    328. 

  328. {
    329. 

  329.     Boolean	    allow;
    330. 

  330.     Arg	    arglist[1];
    331. 

  331.     Display *dpy = XtDisplay(toplevel);
    332. 

  332. 

  333.     if (pingTimeout)
    334. 

  334.     {
    335. 

  335. 	XtRemoveTimeOut (pingTimeout);
    336. 

  336. 	pingTimeout = 0;
    337. 

  337.     }
    338. 

  338.     UnsecureDisplay (d, dpy);
    339. 

  339.     XtSetArg (arglist[0], XtNallowAccess, (char *) &allow);
    340. 

  340.     XtGetValues (login, arglist, 1);
    341. 

  341.     if (allow)
    342. 

  342.     {
    343. 

  343. 	Debug ("Disabling access control\n");
    344. 

  344. 	XSetAccessControl (dpy, DisableAccess);
    345. 

  345.     }
    346. 

  346.     XtDestroyWidget (toplevel);
    347. 

  347.     toplevel = NULL;
    348. 

  348.     login = NULL; /* child of toplevel, which we just destroyed */
    349. 

  349.     ClearCloseOnFork (XConnectionNumber (dpy));
    350. 

  350.     XCloseDisplay (dpy);
    351. 

  351.     Debug ("Greet connection closed\n");
    352. 

  352. }
    353. 

  353. 

  354. #define WHITESPACE 0
    355. 

  355. #define ARGUMENT 1
    356. 

  356. 

  357. static int
    358. 

  358. Greet (struct display *d, struct greet_info *greet)
    359. 

  359. {
    360. 

  360.     XEvent		event;
    361. 

  361.     Arg		arglist[1];
    362. 

  362. 

  363.     XtSetArg (arglist[0], XtNallowAccess, False);
    364. 

  364.     XtSetValues (login, arglist, 1);
    365. 

  365. 

  366.     Debug ("dispatching %s\n", d->name);
    367. 

  367.     done = 0;
    368. 

  368.     while (!done) {
    369. 

  369. 	XtAppNextEvent (context, &event);
    370. 

  370. 	switch (event.type) {
    371. 

  371. 	case MappingNotify:
    372. 

  372. 	    XRefreshKeyboardMapping(&event.xmapping);
    373. 

  373. 	    break;
    374. 

  374. 	default:
    375. 

  375. 	    XtDispatchEvent (&event);
    376. 

  376. 	    break;
    377. 

  377. 	}
    378. 

  378.     }
    379. 

  379.     XFlush (XtDisplay (toplevel));
    380. 

  380.     Debug ("Done dispatch %s\n", d->name);
    381. 

  381.     if (code == 0)
    382. 

  382.     {
    383. 

  383. #ifndef USE_PAM
    384. 

  384. 	char *ptr;
    385. 

  385. 	unsigned int c,state = WHITESPACE;
    386. 

  386. 

  387. 	/*
    388. 

  388. 	 * Process the name string to get rid of white spaces.
    389. 

  389. 	 */
    390. 

  390. 	for (ptr = name; state == WHITESPACE; ptr++)
    391. 

  391. 	{
    392. 

  392. 	    c = (unsigned int)(*ptr);
    393. 

  393. 	    if (c == ' ')
    394. 

  394. 		continue;
    395. 

  395. 

  396. 	    state = ARGUMENT;
    397. 

  397. 	    break;
    398. 

  398. 	}
    399. 

  399. 

  400. 	greet->name = ptr;
    401. 

  401. 	greet->password = password;
    402. 

  402. #endif  /* USE_PAM */
    403. 

  403. 	XtSetArg (arglist[0], XtNsessionArgument, (char *) &(greet->string));
    404. 

  404. 	XtGetValues (login, arglist, 1);
    405. 

  405. 	Debug ("sessionArgument: %s\n", greet->string ? greet->string : "<NULL>");
    406. 

  406.     }
    407. 

  407.     return code;
    408. 

  408. }
    409. 

  409. 

  410. 

  411. static void
    412. 

  412. FailedLogin (struct display *d, const char *username)
    413. 

  413. {
    414. 

  414. #ifdef USE_SYSLOG
    415. 

  415.     if (username == NULL)
    416. 

  416. 	username = "username unavailable";
    417. 

  417. 

  418.     syslog(LOG_AUTHPRIV|LOG_NOTICE,
    419. 

  419. 	   "LOGIN FAILURE ON %s, %s",
    420. 

  420. 	   d->name, username);
    421. 

  421. #endif
    422. 

  422.     DrawFail (login);
    423. 

  423. }
    424. 

  424. 

  425. #ifdef USE_PAM
    426. 

  426. #ifdef HAVE_LIBAUDIT
    427. 

  427. static void 
    428. 

  428. log_to_audit_system(const pam_handle_t *pamhp, int success)
    429. 

  429. {
    430. 

  430. 	struct passwd *pw = NULL;
    431. 

  431. 	char *hostname = NULL, *tty = NULL, *login=NULL;
    432. 

  432. 	int audit_fd;
    433. 

  433. 

  434. 	audit_fd = audit_open();
    435. 

  435. 	pam_get_item(pamhp, PAM_RHOST, &hostname);
    436. 

  436. 	pam_get_item(pamhp, PAM_TTY, &tty);
    437. 

  437. 	pam_get_item(pamhp, PAM_USER, &login);
    438. 

  438. 	if (login)
    439. 

  439. 		pw = getpwnam(login);
    440. 

  440. 	audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
    441. 

  441. 		NULL, "login", login ? login : "(unknown)",
    442. 

  442. 		pw ? pw->pw_uid : -1, hostname, NULL, tty, success);
    443. 

  443. 	close(audit_fd);
    444. 

  444. }
    445. 

  445. #endif
    446. 

  446. #endif
    447. 

  447. 

  448. _X_EXPORT
    449. 

  449. greet_user_rtn GreetUser(
    450. 

  450.     struct display          *d,
    451. 

  451.     Display                 ** dpy,
    452. 

  452.     struct verify_info      *verify,
    453. 

  453.     struct greet_info       *greet,
    454. 

  454.     struct dlfuncs        *dlfuncs)
    455. 

  455. {
    456. 

  456.     int i;
    457. 

  457.     Arg		arglist[2];
    458. 

  458. 

  459. /*
    460. 

  460.  * These must be set before they are used.
    461. 

  461.  */
    462. 

  462.     __xdm_PingServer = dlfuncs->_PingServer;
    463. 

  463.     __xdm_SessionPingFailed = dlfuncs->_SessionPingFailed;
    464. 

  464.     __xdm_Debug = dlfuncs->_Debug;
    465. 

  465.     __xdm_RegisterCloseOnFork = dlfuncs->_RegisterCloseOnFork;
    466. 

  466.     __xdm_SecureDisplay = dlfuncs->_SecureDisplay;
    467. 

  467.     __xdm_UnsecureDisplay = dlfuncs->_UnsecureDisplay;
    468. 

  468.     __xdm_ClearCloseOnFork = dlfuncs->_ClearCloseOnFork;
    469. 

  469.     __xdm_SetupDisplay = dlfuncs->_SetupDisplay;
    470. 

  470.     __xdm_LogError = dlfuncs->_LogError;
    471. 

  471.     __xdm_SessionExit = dlfuncs->_SessionExit;
    472. 

  472.     __xdm_DeleteXloginResources = dlfuncs->_DeleteXloginResources;
    473. 

  473.     __xdm_source = dlfuncs->_source;
    474. 

  474.     __xdm_defaultEnv = dlfuncs->_defaultEnv;
    475. 

  475.     __xdm_setEnv = dlfuncs->_setEnv;
    476. 

  476.     __xdm_putEnv = dlfuncs->_putEnv;
    477. 

  477.     __xdm_parseArgs = dlfuncs->_parseArgs;
    478. 

  478.     __xdm_printEnv = dlfuncs->_printEnv;
    479. 

  479.     __xdm_systemEnv = dlfuncs->_systemEnv;
    480. 

  480.     __xdm_LogOutOfMem = dlfuncs->_LogOutOfMem;
    481. 

  481.     __xdm_setgrent = dlfuncs->_setgrent;
    482. 

  482.     __xdm_getgrent = dlfuncs->_getgrent;
    483. 

  483.     __xdm_endgrent = dlfuncs->_endgrent;
    484. 

  484. # ifdef HAVE_GETSPNAM
    485. 

  485.     __xdm_getspnam = dlfuncs->_getspnam;
    486. 

  486. #  ifndef QNX4
    487. 

  487.     __xdm_endspent = dlfuncs->_endspent;
    488. 

  488. #  endif /* QNX4 doesn't use endspent */
    489. 

  489. # endif
    490. 

  490.     __xdm_getpwnam = dlfuncs->_getpwnam;
    491. 

  491. # if defined(linux) || defined(__GLIBC__)
    492. 

  492.     __xdm_endpwent = dlfuncs->_endpwent;
    493. 

  493. # endif
    494. 

  494.     __xdm_crypt = dlfuncs->_crypt;
    495. 

  495. # ifdef USE_PAM
    496. 

  496.     __xdm_thepamhp = dlfuncs->_thepamhp;
    497. 

  497. # endif
    498. 

  498. 

  499.     *dpy = InitGreet (d);
    500. 

  500.     /*
    501. 

  501.      * Run the setup script - note this usually will not work when
    502. 

  502.      * the server is grabbed, so we don't even bother trying.
    503. 

  503.      */
    504. 

  504.     if (!d->grabServer)
    505. 

  505. 	SetupDisplay (d);
    506. 

  506.     if (!*dpy) {
    507. 

  507. 	LogError ("Cannot reopen display %s for greet window\n", d->name);
    508. 

  508. 	exit (RESERVER_DISPLAY);
    509. 

  509.     }
    510. 

  510. 

  511.     XtSetArg (arglist[0], XtNallowNullPasswd,
    512. 

  512. 	      (char *) &(greet->allow_null_passwd));
    513. 

  513.     XtSetArg (arglist[1], XtNallowRootLogin,
    514. 

  514. 	      (char *) &(greet->allow_root_login));
    515. 

  515.     XtGetValues (login, arglist, 2);
    516. 

  516. 

  517.     for (;;) {
    518. 

  518. #ifdef USE_PAM
    519. 

  519. 

  520. 	/* Run PAM conversation */
    521. 

  521. 	pam_handle_t 	**pamhp		= thepamhp();
    522. 

  522. 	int		  pam_error;
    523. 

  523. 	unsigned int	  pam_flags 	= 0;
    524. 

  524. 	struct myconv_data pcd		= { d, greet, NULL };
    525. 

  525. 	struct pam_conv   pc 		= { pamconv, &pcd };
    526. 

  526. 	const char *	  pam_fname;
    527. 

  527. 	const char *	  login_prompt;
    528. 

  528. 

  529. 

  530. 	SetPrompt(login, LOGIN_PROMPT_USERNAME, NULL, LOGIN_PROMPT_NOT_SHOWN, False);
    531. 

  531. 	login_prompt  = GetPrompt(login, LOGIN_PROMPT_USERNAME);
    532. 

  532. 	SetPrompt(login, LOGIN_PROMPT_PASSWORD, NULL, LOGIN_PROMPT_NOT_SHOWN, False);
    533. 

  533. 

  534. # define RUN_AND_CHECK_PAM_ERROR(function, args)			\
    535. 

  535. 	    do { 						\
    536. 

  536. 		pam_error = function args;			\
    537. 

  537. 		if (pam_error != PAM_SUCCESS) {			\
    538. 

  538. 		    PAM_ERROR_PRINT(#function, *pamhp);		\
    539. 

  539. 		    goto pam_done;				\
    540. 

  540. 		} 						\
    541. 

  541. 	    } while (0)
    542. 

  542. 

  543. 

  544. 	RUN_AND_CHECK_PAM_ERROR(pam_start,
    545. 

  545. 				("xdm", NULL, &pc, pamhp));
    546. 

  546. 

  547. 	/* Set default login prompt to xdm's default from Xresources */
    548. 

  548. 	if (login_prompt != NULL) {
    549. 

  549. 	    RUN_AND_CHECK_PAM_ERROR(pam_set_item,
    550. 

  550. 				    (*pamhp, PAM_USER_PROMPT, login_prompt));
    551. 

  551. 	}
    552. 

  552. 

  553. 	if (d->name[0] != ':') {	/* Displaying to remote host */
    554. 

  554. 	    char *hostname = strdup(d->name);
    555. 

  555. 

  556. 	    if (hostname == NULL) {
    557. 

  557. 		LogOutOfMem("GreetUser");
    558. 

  558. 	    } else {
    559. 

  559. 		char *colon = strrchr(hostname, ':');
    560. 

  560. 

  561. 		if (colon != NULL)
    562. 

  562. 		    *colon = '\0';
    563. 

  563. 

  564. 		RUN_AND_CHECK_PAM_ERROR(pam_set_item,
    565. 

  565. 					(*pamhp, PAM_RHOST, hostname));
    566. 

  566. 		free(hostname);
    567. 

  567. 	    }
    568. 

  568. 	} else {			/* Displaying on local host */
    569. 

  569. 	    const char *ttyname = NULL;
    570. 

  570. 

  571. #ifdef __sun
    572. 

  572. 	    /* Solaris PAM & auditing insist this is a device file that can
    573. 

  573. 	       be found under /dev, so we can't use the display name */
    574. 

  574. 	    char vtpath[16];
    575. 

  575. 

  576. 	    if ((d->windowPath) && !(strchr(d->windowPath, ':'))) {
    577. 

  577. 		/* if path is simply a VT, with no intermediaries, use it */
    578. 

  578. 		snprintf(vtpath, sizeof(vtpath), "/dev/vt/%s", d->windowPath);
    579. 

  579. 		ttyname = vtpath;
    580. 

  580. 	    }
    581. 

  581. #else
    582. 

  582. 	    /* On all other OS'es we just pass the display name for PAM_TTY */
    583. 

  583. 	    ttyname = d->name;
    584. 

  584. #endif
    585. 

  585. 	    RUN_AND_CHECK_PAM_ERROR(pam_set_item, (*pamhp, PAM_TTY, ttyname));
    586. 

  586. 	}
    587. 

  587. 

  588. 	if (!greet->allow_null_passwd) {
    589. 

  589. 	    pam_flags |= PAM_DISALLOW_NULL_AUTHTOK;
    590. 

  590. 	}
    591. 

  591. 	RUN_AND_CHECK_PAM_ERROR(pam_authenticate,
    592. 

  592. 				(*pamhp, pam_flags));
    593. 

  593. 

  594. 	/* handle expired passwords */
    595. 

  595. 	pam_error = pam_acct_mgmt(*pamhp, pam_flags);
    596. 

  596. 	pam_fname = "pam_acct_mgmt";
    597. 

  597. 	if (pam_error == PAM_NEW_AUTHTOK_REQD) {
    598. 

  598. 	    ShowChangePasswdMessage(login);
    599. 

  599. 	    do {
    600. 

  600. 		pam_error = pam_chauthtok(*pamhp, PAM_CHANGE_EXPIRED_AUTHTOK);
    601. 

  601. 	    } while ((pam_error == PAM_AUTHTOK_ERR) ||
    602. 

  602. 		     (pam_error == PAM_TRY_AGAIN));
    603. 

  603. 	    pam_fname = "pam_chauthtok";
    604. 

  604. 	}
    605. 

  605. 	if (pam_error != PAM_SUCCESS) {
    606. 

  606. 	    PAM_ERROR_PRINT(pam_fname, *pamhp);
    607. 

  607. 	    goto pam_done;
    608. 

  608. 	}
    609. 

  609. 

  610. 	RUN_AND_CHECK_PAM_ERROR(pam_setcred,
    611. 

  611. 				(*pamhp, 0));
    612. 

  612. 	{
    613. 

  613. 	    char *username	= NULL;
    614. 

  614. 

  615. 	    RUN_AND_CHECK_PAM_ERROR(pam_get_item,
    616. 

  616. 				    (*pamhp, PAM_USER, (void *) &username));
    617. 

  617. 	    if (username != NULL) {
    618. 

  618. 		Debug("PAM_USER: %s\n", username);
    619. 

  619. 		greet->name = username;
    620. 

  620. 		greet->password = NULL;
    621. 

  621. 	    }
    622. 

  622. 	}
    623. 

  623. 

  624.       pam_done:
    625. 

  625. 	if (code != 0)
    626. 

  626. 	{
    627. 

  627. 	    CloseGreet (d);
    628. 

  628. 	    SessionExit (d, code, FALSE);
    629. 

  629. 	}
    630. 

  630. 	if ((pam_error == PAM_SUCCESS) && (Verify (d, greet, verify))) {
    631. 

  631. 	    SetPrompt (login, 1, "Login Successful", LOGIN_TEXT_INFO, False);
    632. 

  632. 	    SetValue (login, 1, NULL);
    633. 

  633.             log_to_audit_system(*pamhp, 1);
    634. 

  634. 	    break;
    635. 

  635. 	} else {
    636. 

  636. 	    /* Try to fill in username for failed login error log */
    637. 

  637. 	    char *username = greet->name;
    638. 

  638. 

  639. 	    if (username == NULL) {
    640. 

  640. 		RUN_AND_CHECK_PAM_ERROR(pam_get_item,
    641. 

  641. 					(*pamhp, PAM_USER,
    642. 

  642. 					 (void *) &username));
    643. 

  643. 	    }
    644. 

  644. 	    FailedLogin (d, username);
    645. 

  645.             log_to_audit_system(*pamhp, 0);
    646. 

  646. 	    RUN_AND_CHECK_PAM_ERROR(pam_end,
    647. 

  647. 				    (*pamhp, pam_error));
    648. 

  648. 	}
    649. 

  649. #else /* not PAM */
    650. 

  650. 	/*
    651. 

  651. 	 * Greet user, requesting name/password
    652. 

  652. 	 */
    653. 

  653. 	code = Greet (d, greet);
    654. 

  654. 	if (code != 0)
    655. 

  655. 	{
    656. 

  656. 	    CloseGreet (d);
    657. 

  657. 	    SessionExit (d, code, FALSE);
    658. 

  658. 	}
    659. 

  659. 	/*
    660. 

  660. 	 * Verify user
    661. 

  661. 	 */
    662. 

  662. 	if (Verify (d, greet, verify))
    663. 

  663. 	    break;
    664. 

  664. 	else
    665. 

  665. 	{
    666. 

  666. 	    FailedLogin (d, greet->name);
    667. 

  667. 	    bzero (greet->name, strlen(greet->name));
    668. 

  668. 	    bzero (greet->password, strlen(greet->password));
    669. 

  669. 	}
    670. 

  670. #endif
    671. 

  671.     }
    672. 

  672.     DeleteXloginResources (d, *dpy);
    673. 

  673.     CloseGreet (d);
    674. 

  674.     Debug ("Greet loop finished\n");
    675. 

  675.     /*
    676. 

  676.      * Run system-wide initialization file
    677. 

  677.      */
    678. 

  678.     if (source (verify->systemEnviron, d->startup) != 0)
    679. 

  679.     {
    680. 

  680. 	Debug ("Startup program %s exited with non-zero status\n",
    681. 

  681. 		d->startup);
    682. 

  682. 	SessionExit (d, OBEYSESS_DISPLAY, FALSE);
    683. 

  683.     }
    684. 

  684.     /*
    685. 

  685.      * for user-based authorization schemes,
    686. 

  686.      * add the user to the server's allowed "hosts" list.
    687. 

  687.      */
    688. 

  688.     for (i = 0; i < d->authNum; i++)
    689. 

  689.     {
    690. 

  690. #ifdef SECURE_RPC
    691. 

  691. 	if (d->authorizations[i]->name_length == 9 &&
    692. 

  692. 	    memcmp(d->authorizations[i]->name, "SUN-DES-1", 9) == 0)
    693. 

  693. 	{
    694. 

  694. 	    XHostAddress	addr;
    695. 

  695. 	    char		netname[MAXNETNAMELEN+1];
    696. 

  696. 	    char		domainname[MAXNETNAMELEN+1];
    697. 

  697. 

  698. 	    getdomainname(domainname, sizeof domainname);
    699. 

  699. 	    user2netname (netname, verify->uid, domainname);
    700. 

  700. 	    addr.family = FamilyNetname;
    701. 

  701. 	    addr.length = strlen (netname);
    702. 

  702. 	    addr.address = netname;
    703. 

  703. 	    XAddHost (*dpy, &addr);
    704. 

  704. 	}
    705. 

  705. #endif
    706. 

  706. #ifdef K5AUTH
    707. 

  707. 	if (d->authorizations[i]->name_length == 14 &&
    708. 

  708. 	    memcmp(d->authorizations[i]->name, "MIT-KERBEROS-5", 14) == 0)
    709. 

  709. 	{
    710. 

  710. 	    /* Update server's auth file with user-specific info.
    711. 

  711. 	     * Don't need to AddHost because X server will do that
    712. 

  712. 	     * automatically when it reads the cache we are about
    713. 

  713. 	     * to point it at.
    714. 

  714. 	     */
    715. 

  715. 	    extern Xauth *Krb5GetAuthFor();
    716. 

  716. 

  717. 	    XauDisposeAuth (d->authorizations[i]);
    718. 

  718. 	    d->authorizations[i] =
    719. 

  719. 		Krb5GetAuthFor(14, "MIT-KERBEROS-5", d->name);
    720. 

  720. 	    SaveServerAuthorizations (d, d->authorizations, d->authNum);
    721. 

  721. 	}
    722. 

  722. #endif
    723. 

  723.     }
    724. 

  724. 

  725.     return Greet_Success;
    726. 

  726. }
    727. 

  727. 

  728. 

  729. #ifdef USE_PAM
    730. 

  730. static int pamconv(int num_msg,
    731. 

  731. # ifndef sun
    732. 

  732. 		   const
    733. 

  733. # endif
    734. 

  734. 		   struct pam_message **msg,
    735. 

  735. 		   struct pam_response **response, void *appdata_ptr)
    736. 

  736. {
    737. 

  737.     int i;
    738. 

  738.     int greetCode;
    739. 

  739.     int status = PAM_SUCCESS;
    740. 

  740.     const char *pam_msg_styles[5]
    741. 

  741. 	= { "<invalid pam msg style>",
    742. 

  742. 	    "PAM_PROMPT_ECHO_OFF", "PAM_PROMPT_ECHO_ON",
    743. 

  743. 	    "PAM_ERROR_MSG", "PAM_TEXT_INFO" } ;
    744. 

  744. 

  745.     struct pam_message      *m;
    746. 

  746.     struct pam_response     *r;
    747. 

  747. 

  748.     struct myconv_data	    *d = (struct myconv_data *) appdata_ptr;
    749. 

  749. 

  750.     pam_handle_t	    **pamhp = thepamhp();
    751. 

  751. 

  752.     *response = calloc(num_msg, sizeof (struct pam_response));
    753. 

  753.     if (*response == NULL)
    754. 

  754. 	return (PAM_BUF_ERR);
    755. 

  755. 

  756.     m = (struct pam_message *)*msg;
    757. 

  757.     r = *response;
    758. 

  758. 

  759.     if (login == NULL) {
    760. 

  760. 	status = PAM_CONV_ERR;
    761. 

  761. 	goto pam_error;
    762. 

  762.     }
    763. 

  763. 

  764.     for (i = 0; i < num_msg; i++ , m++ , r++) {
    765. 

  765. 	char *username;
    766. 

  766. 	int promptId = 0;
    767. 

  767. 	loginPromptState pStyle = LOGIN_PROMPT_ECHO_OFF;
    768. 

  768. 

  769. 	if ((pam_get_item(*pamhp, PAM_USER, (void *) &username) == PAM_SUCCESS)
    770. 

  770. 	    && (username != NULL) && (*username != '\0')) {
    771. 

  771. 	    SetPrompt(login, LOGIN_PROMPT_USERNAME,
    772. 

  772. 		      NULL, LOGIN_TEXT_INFO, False);
    773. 

  773. 	    SetValue(login, LOGIN_PROMPT_USERNAME, username);
    774. 

  774. 	    promptId = 1;
    775. 

  775. 	}
    776. 

  776. 

  777. 	Debug("pam_msg: %s (%d): '%s'\n",
    778. 

  778. 	      ((m->msg_style > 0) && (m->msg_style <= 4)) ?
    779. 

  779. 	       pam_msg_styles[m->msg_style] : pam_msg_styles[0],
    780. 

  780. 	       m->msg_style, m->msg);
    781. 

  781. 

  782. 	switch (m->msg_style) {
    783. 

  783. 	  case PAM_ERROR_MSG:
    784. 

  784. 	      ErrorMessage(login, m->msg, True);
    785. 

  785. 	      break;
    786. 

  786. 

  787. 	  case PAM_TEXT_INFO:
    788. 

  788. 	      SetPrompt (login, promptId, m->msg, LOGIN_TEXT_INFO, True);
    789. 

  789. 	      SetValue (login, promptId, NULL);
    790. 

  790. 	      break;
    791. 

  791. 

  792.           case PAM_PROMPT_ECHO_ON:
    793. 

  793. 	      pStyle = LOGIN_PROMPT_ECHO_ON;
    794. 

  794. 	      /* FALLTHROUGH */
    795. 

  795.           case PAM_PROMPT_ECHO_OFF:
    796. 

  796. 	      SetPrompt (login, promptId, m->msg, pStyle, False);
    797. 

  797. 	      SetValue (login, promptId, NULL);
    798. 

  798. 	      greetCode = Greet (d->d, d->greet);
    799. 

  799. 	      if (greetCode != 0) {
    800. 

  800. 		  status = PAM_CONV_ERR;
    801. 

  801. 		  goto pam_error;
    802. 

  802. 	      } else {
    803. 

  803. 		  r->resp = strdup(GetValue(login, promptId));
    804. 

  804. 		  SetValue(login, promptId, NULL);
    805. 

  805. 		  if (r->resp == NULL) {
    806. 

  806. 		      status = PAM_BUF_ERR;
    807. 

  807. 		      goto pam_error;
    808. 

  808. 		  }
    809. 

  809. 		  /* Debug("pam_resp: '%s'\n", r->resp); */
    810. 

  810. 	      }
    811. 

  811. 	      break;
    812. 

  812. 

  813. 	  default:
    814. 

  814. 	      LogError("Unknown PAM msg_style: %d\n", m->msg_style);
    815. 

  815. 	}
    816. 

  816.     }
    817. 

  817.   pam_error:
    818. 

  818.     if (status != PAM_SUCCESS) {
    819. 

  819. 	/* free responses */
    820. 

  820. 	r = *response;
    821. 

  821. 	for (i = 0; i < num_msg; i++, r++) {
    822. 

  822. 	    if (r->resp) {
    823. 

  823. 		bzero(r->resp, strlen(r->resp));
    824. 

  824. 		free(r->resp);
    825. 

  825. 	    }
    826. 

  826. 	}
    827. 

  827. 	free(*response);
    828. 

  828. 	*response = NULL;
    829. 

  829.     }
    830. 

  830.     return status;
    831. 

  831. }
    832. 

  832. #endif
    833.